Re: Netscape's purported RNG

• To: Adam Shostack <adam@bwh.harvard.edu>
• Subject: Re: Netscape's purported RNG
• From: smb@research.att.com
• Date: Fri, 22 Sep 95 18:51:11 EDT
• cc: www-security@ns2.rutgers.edu

>         While it might be difficult to do this automatically, it is
> possible for a code review to pick up on things like this.  Ross
> Anderson has written some excellent papers (Robustness Principles for
> Public Key Protocols (Crypto '95), Why Cryptosystems Fail (CACM Nov
> 94) and others).
> 
>         I think there would be a value to a 'Good Security coding'
> seal of approval, implemented by people reviewing code for a price.

Code reviews can pick up some stuff like this, especially if it's an
architectural failing as was the case here.  But consider the related
SunOS bug in fsirand(), where a *= was an = instead.  It's awfully
hard to see something like that, especially if you're expecting to
see the other.  Code reviews are *not* a panacea, as anyone who has
participated in them can tell you.


		--Steve Bellovin

• Previous: Re: What's the netscape problem
• Next: Re: Netscape's purported RNG
• Index(es):
  • Index
  • Thread